Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities
https://ipsj.ixsq.nii.ac.jp/records/94470
Name / File | License | Action |
---|---|---|
Available for download from January 1, 2100.
|
Copyright (c) 2013 by the Institute of Electronics, Information and Communication Engineers
This SIG report is only available to those in membership of the SIG. |
|
CSEC: Members: ¥0, DLIB: Members: ¥0 |
Item type | SIG Technical Reports(1) | |||||||
---|---|---|---|---|---|---|---|---|
Publication date | 2013-07-11 | |||||||
Title | ||||||||
Title | Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities | |||||||
Language | en | |||||||
Language | ||||||||
Language | eng | |||||||
Resource type | ||||||||
Resource type identifier | http://purl.org/coar/resource_type/c_18gh | |||||||
Resource type | technical report | |||||||
Author affiliation | ||||||||
Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang | ||||||||
Author affiliation | ||||||||
School of Interdisciplinary Mathematical Sciences, Meiji University | ||||||||
Author affiliation | ||||||||
Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang | ||||||||
Author affiliation | ||||||||
Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang | ||||||||
Author affiliation | ||||||||
Hitachi, Ltd. | ||||||||
Author affiliation | ||||||||
School of Information and Telecommunication Engineering, Tokai University | ||||||||
Author name |
Khamphao, Sisaat
Hiroaki, Kikuchi
Surin, Kittitornkun
Chaxiong, Yukonhiatou
Masato, Terada
Hiroshi, Ishii
|
|||||||
Abstract | ||||||||
Description type | Other | |||||||
Description | Many recent cyber-attacks are being launched by botnets for the purpose of carrying out large-scale cyber-attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of a lot of bots or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves to other victims via the multiple C&C servers on the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during the malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we do a time zone correlation analysis with the malware download up to 100 honeypots in the IIJ MITF (Internet Initiative Japan - Malware Investigation Task Force) Dataset 2012 comprising over 30 million data records and almost 5 hundred unique malware names. Based on a GeoIP service, a time zone correlation model has been proposed to determine the correlation coefficient between malware downloads from Japan and other countries. We found a strong correlation between active bot downloads and the time zone of the C&C servers. As a result, our model confirms that malware/bot downloads are synchronized with the time zone (country) of the corresponding C&C servers. | |||||||
Bibliographic record ID | ||||||||
Source identifier type | NCID | |||||||
Source identifier | AA11235941 | |||||||
Bibliographic information |
Research Report: Computer Security (CSEC), Vol. 2013-CSEC-62, No. 55, p. 1-8, issue date 2013-07-11 |
|||||||
Notice | ||||||||
SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc. | ||||||||
Publisher | ||||||||
Language | ja | |||||||
Publisher | Information Processing Society of Japan (情報処理学会) |